Merge pull request #7134 from SevenEarth/feat/cdb_tencent_add_new_query

feat(query): add new query for tencentcloud CDB resource

assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/metadata.json

@@ -0,0 +1,12 @@
+{
+  "id": "5d820574-4a60-4916-b049-0810b8629731",
+  "queryName": "(Beta) CDB Instance Internet Service Enabled",
+  "severity": "HIGH",
+  "category": "Insecure Configurations",
+  "descriptionText": "CDB Instance Internet should have internet service disabled",
+  "descriptionUrl": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/mysql_instance#internet_service",
+  "platform": "Terraform",
+  "descriptionID": "2d49b723",
+  "cloudProvider": "tencentcloud",
+  "cwe": ""
+}

assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/query.rego

@@ -0,0 +1,20 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+	resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+    resource.internet_service == 1
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "tencentcloud_mysql_instance",
+		"resourceName": tf_lib.get_resource_name(resource, name),
+		"searchKey": sprintf("tencentcloud_mysql_instance[%s].internet_service", [name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("[%s] has 'internet_service' set to 0 or undefined", [name]),
+		"keyActualValue": sprintf("[%s] has 'internet_service' set to 1", [name]),
+        "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name, "internet_service"], []),
+	}
+}

assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative1.tf

@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+  product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+  name       = "vpc-mysql"
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  name              = "subnet-mysql"
+  vpc_id            = tencentcloud_vpc.vpc.id
+  cidr_block        = "10.0.0.0/16"
+  is_multicast      = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+  name        = "sg-mysql"
+  description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+  engine_version    = "5.7"
+  charge_type       = "POSTPAID"
+  slave_deploy_mode = 0
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  slave_sync_mode   = 1
+  instance_name     = "tf-example-mysql"
+  mem_size          = 4000
+  volume_size       = 200
+  vpc_id            = tencentcloud_vpc.vpc.id
+  subnet_id         = tencentcloud_subnet.subnet.id
+  intranet_port     = 3306
+  security_groups   = [tencentcloud_security_group.security_group.id]
+
+  tags = {
+    name = "test"
+  }
+
+  parameters = {
+    character_set_server = "utf8"
+    max_connections      = "1000"
+  }
+}

assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/negative2.tf

@@ -0,0 +1,46 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+  product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+  name       = "vpc-mysql"
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  name              = "subnet-mysql"
+  vpc_id            = tencentcloud_vpc.vpc.id
+  cidr_block        = "10.0.0.0/16"
+  is_multicast      = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+  name        = "sg-mysql"
+  description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+  internet_service  = 0
+  engine_version    = "5.7"
+  charge_type       = "POSTPAID"
+  slave_deploy_mode = 0
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  slave_sync_mode   = 1
+  instance_name     = "tf-example-mysql"
+  mem_size          = 4000
+  volume_size       = 200
+  vpc_id            = tencentcloud_vpc.vpc.id
+  subnet_id         = tencentcloud_subnet.subnet.id
+  intranet_port     = 3306
+  security_groups   = [tencentcloud_security_group.security_group.id]
+
+  tags = {
+    name = "test"
+  }
+
+  parameters = {
+    character_set_server = "utf8"
+    max_connections      = "1000"
+  }
+}

assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive1.tf

@@ -0,0 +1,46 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+  product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+  name       = "vpc-mysql"
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  name              = "subnet-mysql"
+  vpc_id            = tencentcloud_vpc.vpc.id
+  cidr_block        = "10.0.0.0/16"
+  is_multicast      = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+  name        = "sg-mysql"
+  description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+  internet_service  = 1
+  engine_version    = "5.7"
+  charge_type       = "POSTPAID"
+  slave_deploy_mode = 0
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  slave_sync_mode   = 1
+  instance_name     = "tf-example-mysql"
+  mem_size          = 4000
+  volume_size       = 200
+  vpc_id            = tencentcloud_vpc.vpc.id
+  subnet_id         = tencentcloud_subnet.subnet.id
+  intranet_port     = 3306
+  security_groups   = [tencentcloud_security_group.security_group.id]
+
+  tags = {
+    name = "test"
+  }
+
+  parameters = {
+    character_set_server = "utf8"
+    max_connections      = "1000"
+  }
+}

assets/queries/terraform/tencentcloud/cdb_instance_internet_service_enabled/test/positive_expected_result.json

@@ -0,0 +1,8 @@
+[
+  {
+    "queryName": "(Beta) CDB Instance Internet Service Enabled",
+    "severity": "HIGH",
+    "line": 24,
+    "fileName": "positive1.tf"
+  }
+]

assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/metadata.json

@@ -0,0 +1,12 @@
+{
+  "id": "18d6aa4b-7570-4d95-9c75-90363ef1abd9",
+  "queryName": "(Beta) CDB Instance Internet Using Default Intranet Port",
+  "severity": "LOW",
+  "category": "Insecure Configurations",
+  "descriptionText": "CDB Instance Internet should not use have default intranet port",
+  "descriptionUrl": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/mysql_instance#intranet_port",
+  "platform": "Terraform",
+  "descriptionID": "dd780613",
+  "cloudProvider": "tencentcloud",
+  "cwe": ""
+}

assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/query.rego

@@ -0,0 +1,36 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+	resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+    resource.intranet_port == 3306
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "tencentcloud_mysql_instance",
+		"resourceName": tf_lib.get_resource_name(resource, name),
+		"searchKey": sprintf("tencentcloud_mysql_instance[%s].intranet_port", [name]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": sprintf("[%s] has 'intranet_port' set to non 3306", [name]),
+		"keyActualValue": sprintf("[%s] has 'intranet_port' set to 3306", [name]),
+        "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name, "intranet_port"], []),
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].resource.tencentcloud_mysql_instance[name]
+    not common_lib.valid_key(resource, "intranet_port")
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "tencentcloud_mysql_instance",
+		"resourceName": tf_lib.get_resource_name(resource, name),
+		"searchKey": sprintf("tencentcloud_mysql_instance[%s]",[name]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": sprintf("[%s] 'intranet_port' should be set and the value should not be 3306",[name]),
+		"keyActualValue": sprintf("[%s] does not set 'intranet_port'",[name]),
+        "searchLine":common_lib.build_search_line(["resource", "tencentcloud_mysql_instance", name], []),
+	}
+}

assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/negative1.tf

@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+  product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+  name       = "vpc-mysql"
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  name              = "subnet-mysql"
+  vpc_id            = tencentcloud_vpc.vpc.id
+  cidr_block        = "10.0.0.0/16"
+  is_multicast      = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+  name        = "sg-mysql"
+  description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+  engine_version    = "5.7"
+  charge_type       = "POSTPAID"
+  slave_deploy_mode = 0
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  slave_sync_mode   = 1
+  instance_name     = "tf-example-mysql"
+  mem_size          = 4000
+  volume_size       = 200
+  vpc_id            = tencentcloud_vpc.vpc.id
+  subnet_id         = tencentcloud_subnet.subnet.id
+  intranet_port     = 3307
+  security_groups   = [tencentcloud_security_group.security_group.id]
+
+  tags = {
+    name = "test"
+  }
+
+  parameters = {
+    character_set_server = "utf8"
+    max_connections      = "1000"
+  }
+}

assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive1.tf

@@ -0,0 +1,45 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+  product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+  name       = "vpc-mysql"
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  name              = "subnet-mysql"
+  vpc_id            = tencentcloud_vpc.vpc.id
+  cidr_block        = "10.0.0.0/16"
+  is_multicast      = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+  name        = "sg-mysql"
+  description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+  engine_version    = "5.7"
+  charge_type       = "POSTPAID"
+  slave_deploy_mode = 0
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  slave_sync_mode   = 1
+  instance_name     = "tf-example-mysql"
+  mem_size          = 4000
+  volume_size       = 200
+  vpc_id            = tencentcloud_vpc.vpc.id
+  subnet_id         = tencentcloud_subnet.subnet.id
+  intranet_port     = 3306
+  security_groups   = [tencentcloud_security_group.security_group.id]
+
+  tags = {
+    name = "test"
+  }
+
+  parameters = {
+    character_set_server = "utf8"
+    max_connections      = "1000"
+  }
+}

assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive2.tf

@@ -0,0 +1,44 @@
+data "tencentcloud_availability_zones_by_product" "zones" {
+  product = "cdb"
+}
+
+resource "tencentcloud_vpc" "vpc" {
+  name       = "vpc-mysql"
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "tencentcloud_subnet" "subnet" {
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  name              = "subnet-mysql"
+  vpc_id            = tencentcloud_vpc.vpc.id
+  cidr_block        = "10.0.0.0/16"
+  is_multicast      = false
+}
+
+resource "tencentcloud_security_group" "security_group" {
+  name        = "sg-mysql"
+  description = "mysql test"
+}
+
+resource "tencentcloud_mysql_instance" "example" {
+  engine_version    = "5.7"
+  charge_type       = "POSTPAID"
+  slave_deploy_mode = 0
+  availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
+  slave_sync_mode   = 1
+  instance_name     = "tf-example-mysql"
+  mem_size          = 4000
+  volume_size       = 200
+  vpc_id            = tencentcloud_vpc.vpc.id
+  subnet_id         = tencentcloud_subnet.subnet.id
+  security_groups   = [tencentcloud_security_group.security_group.id]
+
+  tags = {
+    name = "test"
+  }
+
+  parameters = {
+    character_set_server = "utf8"
+    max_connections      = "1000"
+  }
+}

assets/queries/terraform/tencentcloud/cdb_instance_using_default_intranet_port/test/positive_expected_result.json

@@ -0,0 +1,14 @@
+[
+  {
+    "queryName": "(Beta) CDB Instance Internet Using Default Intranet Port",
+    "severity": "LOW",
+    "line": 34,
+    "fileName": "positive1.tf"
+  },
+  {
+    "queryName": "(Beta) CDB Instance Internet Using Default Intranet Port",
+    "severity": "LOW",
+    "line": 23,
+    "fileName": "positive2.tf"
+  }
+]

assets/queries/terraform/tencentcloud/cdb_instance_without_backup_policy/metadata.json

@@ -0,0 +1,12 @@
+{
+  "id": "ca94be07-7de3-4ae7-85ef-67e0462ec694",
+  "queryName": "(Beta) CDB Instance Without Backup Policy",
+  "severity": "MEDIUM",
+  "category": "Backup",
+  "descriptionText": "CDB Instance should have set Backup Policy",
+  "descriptionUrl": "https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/mysql_backup_policy",
+  "platform": "Terraform",
+  "descriptionID": "f0daf852",
+  "cloudProvider": "tencentcloud",
+  "cwe": ""
+}